Advantages of SCONE
- SCONE simplifies building and operating confidential applications. You can rebuild existing applications to become confidential applications running on top of vanilla Kubernetes clusters (as long as the containers are permitted to use SGX).
- SCONE supports confidential multi-party computations. Modern software services are complex, involving multiple stakeholders to get a service running. Not all of these stakeholders trust each other, and we have to expect that some attackers have root access on the hosts on which the services execute. SCONE helps multiple stakeholders by supporting the composition of their security policies (see overview).
- SCONE transparently attests applications. This ensures that an application indeed runs inside an enclave. Only after a successful attestation does the application get its keys to unlock its file system, its arguments and its environment variables, all of which might contain secrets that need to be protected.
- SCONE has integrated secrets and configuration management, simplifying the distribution of secrets without application changes by transparently attesting applications. The integrated key management lets clients ensure that their data is protected from access by other clients and by attackers (see an example in the context of trusted DApps).
- SCONE scales better than competing solutions since it uses advanced thread management and a very efficient way to perform asynchronous system calls: when an enclave thread performs a system call, SCONE switches to another application thread while the system call is executed by threads running outside the enclave. This minimizes the need for threads running inside the enclave to exit the enclave. Minimizing enclave exits is particularly important given recent CPU microcode updates in the context of L1TF: on each exit the CPU needs to flush the L1 cache, which is an expensive operation. Single-threaded applications can be tuned for low-latency system call processing.
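The asynchronous system-call path described above, modelled as an added example (a constructed illustration, not SCONE code): application "threads" inside the enclave are generators that yield system-call requests, the enclave-side scheduler hands each request to worker threads standing in for the threads outside the enclave and resumes another application thread meanwhile, and results flow back through a response queue. The request/response queues, the generator model and the pipe-writing demo are assumptions of this illustration.

```python
import os
import queue
import threading

def app_thread(name, fd, n_writes):
    """In-enclave app 'thread' as a generator: each yield is a syscall request (callable)."""
    written = 0
    for i in range(n_writes):
        payload = f"{name}:{i}\n".encode()
        written += (yield (lambda p=payload: os.write(fd, p)))  # receives the call's result
    return written

def run_enclave(app_threads, n_outside=2):
    """Enclave scheduler: queues syscalls and switches app threads instead of exiting."""
    requests, responses, serviced = queue.Queue(), queue.Queue(), []
    def outside_worker():  # stands in for a thread outside the enclave; performs the real syscall
        while (item := requests.get()) is not None:
            tid, call = item
            serviced.append(tid)
            responses.put((tid, call()))
    workers = [threading.Thread(target=outside_worker) for _ in range(n_outside)]
    for w in workers: w.start()
    runnable = {tid: (gen, None) for tid, gen in enumerate(app_threads)}
    blocked, results = {}, {}
    while runnable or blocked:
        if not runnable:  # every app thread waits on a syscall: block for one result
            tid, value = responses.get()
            runnable[tid] = (blocked.pop(tid), value)
        tid, (gen, value) = runnable.popitem()
        try:
            call = gen.send(value)      # resume the app thread with its last result
        except StopIteration as done:   # this app thread has finished
            results[tid] = done.value
            continue
        blocked[tid] = gen
        requests.put((tid, call))       # hand the syscall outside; no enclave exit
        while not responses.empty():    # collect results that completed meanwhile
            rtid, rvalue = responses.get()
            runnable[rtid] = (blocked.pop(rtid), rvalue)
    for _ in workers: requests.put(None)
    for w in workers: w.join()
    return results, len(serviced)

def demo(n_writes=3):
    """Two app threads write to a pipe; returns (bytes per thread, calls serviced outside, bytes in pipe)."""
    r, w = os.pipe()
    results, serviced = run_enclave([app_thread("A", w, n_writes), app_thread("B", w, n_writes)])
    os.close(w)
    data = os.read(r, 65536)
    os.close(r)
    return results, serviced, len(data)
```

Every write reaches the pipe although the scheduler loop never leaves to perform one; in real SCONE the in-enclave side is a shared-memory queue and the outside side is a pool of OS threads, not Python threads.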
- SCONE has smaller executables. SCONE is based on a modified C library instead of running a complete library OS inside the enclave. This reduces the size of the enclave and hence the number of software bugs inside it. To see how large typical code sizes are, and the defender's dilemma this causes, have a look at our background section. Large code size not only means more bugs (expect about 0.61 bugs per 1000 lines) but also hurts performance: SGX CPUs have a limited EPC (enclave page cache), and larger memory footprints generally result in worse performance.
- SCONE comes with a toolchain. While SCONE supports binaries compiled for Alpine Linux, we recommend recompiling binaries to minimize code size and to ensure better performance and security of the applications. Also, the cross-compiler ensures that the correct model for thread-local variables is used.
- SCONE comes with curated images. Since compiling and configuring applications takes effort, we provide images of common applications like Vault, nginx, MariaDB, Apache, etc.
- SCONE supports binary compatibility. We support binary compatibility with Alpine Linux, i.e., native Alpine applications run inside SGX enclaves without modification or recompilation.
- SCONE protects the OS interface. SCONE provides shields that protect the interaction with the operating system interface; for example, it transparently encrypts files (example). While the OS interface has more calls than the VMM interface used by a library OS (like Haven), we decided to protect the OS interface in SCONE since it gives us more specific semantics, which in turn simplifies the shielding.
- SCONE ensures better Linux compatibility. By providing the native OS interface, SCONE reduces compatibility issues for applications. A library OS will most likely not be 100% compatible with the latest Linux kernel.
- SCONE is hardware-independent. SCONE is designed so that it can support other TEEs (trusted execution environments) as they become available; this way, one does not have to port applications to different TEEs.
- SCONE supports various package managers. While SCONE focuses on securing containers and cloud-native applications, it can help you secure almost any program running on Linux. In particular, you can deploy a SCONE-based application with your favorite package manager.